Evernote | Breaking Cybersecurity News | The Hacker News

Cyber criminals  are using popular note-taking app Evernote as Command-and-Control Server to give commands to the malware installed on infected PCs using botnets. TrendMicro uncovered a malware detected as " BKDR_VERNOT.A " tried to communicate with Command-and-Control Server using Evernote. Malware delivered via an executable file that installs the malware as a dynamic-link library. The installer then ties the DLL into a legitimate running process, hiding it from casual detection. Once installed, BKDR_VERNOT.A can perform several backdoor commands such as downloading, executing, and renaming files. It then gathers information from the infected system, including details about its OS, timezone, user name, computer name, registered owner and organization. Researchers  also pointed out that the backdoor may have also used Evernote as a location to upload stolen data. " Unfortunately, during our testing, it was not able to login using the credentials embedded in the

Cloud note-taking service Evernote has been hacked and now you have to reset your password  imminently . A ccording to  a post on the official Evernote blog , an  unidentified attacker compromise the servers and extracted usernames, email addresses, and passwords. " Evernote's Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service. " But those passwords were encrypted, so  all users must change their password before they can log back into their account. " In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. " Evernote also said that they h ave no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed. There are also several important steps that you can take to en

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.